package com.ls.fw.token.support;

import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;

/**
 * An API to allow changing the method in which the expected {@link Token} is
 * associated to the {@link HttpServletRequest}. For example, it may be stored in
 * {@link HttpSession}.
 *
 * @see HttpSessionTokenRepository
 *
 */
public interface TokenRepository {
	public static final String DEFAULT_PARAMETER_NAME = "_token";

	public static final String DEFAULT_HEADER_NAME = "X-TOKEN";
	/**
	 * Generates a {@link Token}
	 *
	 * @param request the {@link HttpServletRequest} to use
	 * @return the {@link Token} that was generated. Cannot be null.
	 */
	Token generateToken(HttpServletRequest request);

	/**
	 * Saves the {@link Token} using the {@link HttpServletRequest} and
	 * {@link HttpServletResponse}. If the {@link Token} is null, it is the same as
	 * deleting it.
	 *
	 * @param token the {@link Token} to save or null to delete
	 * @param request the {@link HttpServletRequest} to use
	 * @param response the {@link HttpServletResponse} to use
	 */
	void saveToken(Token token, HttpServletRequest request,
			HttpServletResponse response);

	/**
	 * Loads the expected {@link Token} from the {@link HttpServletRequest}
	 *
	 * @param request the {@link HttpServletRequest} to use
	 * @return the {@link Token} or null if none exists
	 */
	Token loadToken(HttpServletRequest request,boolean createIFNoExist);
	
	void removeToken(Token token, HttpServletRequest request,
			HttpServletResponse response);
	/**
	 * 获取token对应的key
	 * @author lisheng
	 * @date 2016年2月28日 下午9:38:51
	 * @version V1.0
	 * @param request
	 * @return
	 */
	String getKey(HttpServletRequest request);
	/**
	 * Gets the HTTP header that the CSRF is populated on the response and can be placed
	 * on requests instead of the parameter. Cannot be null.
	 *
	 * @return the HTTP header that the CSRF is populated on the response and can be
	 * placed on requests instead of the parameter
	 */
	String getHeaderName();

	/**
	 * Gets the HTTP parameter name that should contain the token. Cannot be null.
	 * @return the HTTP parameter name that should contain the token.
	 */
	String getParameterName();

}
